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Abstract This paper describes a general framework for automatic termi- 
nation analysis of logic programs, where we understand by "termination" 
the finiteness of the LD-tree constructed for the program and a given query. 
A general property of mappings from a certain subset of the branches of 
an infinite LD-tree into a finite set is proved. From this result several ter- 
mination theorems are derived, by using different finite sets. The first two 
are formulated for the predicate dependency and atom dependency graphs. 
Then a general result for the case of the query-mapping pairs relevant to 
a program is proved (cf. ^9|[2l[]). The correctness of the TermiLog system 
described in j2^] follows from it. In this system it is not possible to prove 
termination for programs involving arithmetic predicates, since the usual or- 
der for the integers is not well-founded. A new method, which can be easily 
incorporated in TermiLog or similar systems, is presented, which makes it 
possible to prove termination for programs involving arithmetic predicates. 
It is based on combining a finite abstraction of the integers with the tech- 
nique of the query-mapping pairs, and is essentially capable of dividing a 
termination proof into several cases, such that a simple termination function 
suffices for each case. Finally several possible extensions are outlined. 

Key words termination of logic programs - abstract interpretation - 
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1 Introduction 



The results of applying the ideas of abstract interpretation to logic pro- 
grams (cf. |10|l ) seem to be especially beautiful and useful, because we are 
dealing in this case with a very simple language which has only one basic 
construct — the clause. Termination of programs is known to be undecidable, 
but again things are simpler for logic programs, because the only possible 
cause for their non-termination is infinite recursion, so it is possible to prove 
termination automatically for a large class of programs. For a formal proof 
of the undccidability of the termination of general logic programs see [Q . 

The kind of termination we address is the termination of the compu- 
tation of all answers to a goal, given a program, when we use Prolog's 
computation rule (cf. J24|]). This is equivalent to finiteness of the LD-tree 
constructed for the program and query (the LD-tree is the SLD-trcc con- 
structed with Prolog's computation rule — cf. Q). Even if one is interested 
only in a single answer, it is important to know that computation of all 
answers terminates, since the solved query may be backtracked into (cf. 

One of the difficulties when dealing with the LD-derivation of a goal, 
given a logic program, is that infinitely many non- variant atoms may appear 
as subgoals. The basic idea is to abstract this possibly infinite structure to 
a finite one. We do this by mapping partial branches of the LD-tree to 
the elements of a finite set of abstractions A. By using the basic lemma of 
the paper and choosing different possibilities for A, we get different results 
about termination. The first two results are formulated for the predicate 
dependency and atom dependency graphs. 



Then we get, by using the query-mapping pairs of 129,211, first a ter- 
mination condition that cannot be checked effectively and then a condition 
that can. The latter forms the core of the TermiLog system (cf. ^2|), a 
quite powerful system we have developed for checking termination of logic 
programs. 

Then a new method, which can be easily incorporated in the TermiLog 
or similar systems, is presented for showing termination for logic programs 
with arithmetic predicates. Showing termination in this case is not easy, 
since the usual order for the integers is not well-founded. The method con- 
sists of the following steps: First, a finite abstract domain for representing 
the range of integers is deduced automatically. Based on this abstraction, 
abstract interpretation is applied to the program. The result is a finite 
number of atoms abstracting answers to queries, which are used to extend 
the technique of query-mapping pairs. For each query-mapping pair that is 
potentially non-terminating, a bounded (integer-valued) termination func- 
tion is guessed. If traversing the pair decreases the value of the termination 
function, then termination is established. Usually simple functions suffice 
for each query-mapping pair, and that gives our approach an edge over the 
classical approach of using a single termination function for all loops, which 
must inevitably be more complicated and harder to guess automatically. 
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It is worth noting that the termination of McCarthy's 91 function can be 
shown automatically using our method. 

Finally generalizations of the algorithms presented are pointed out, which 
make it possible to deal successfully with even more cases. 



2 Preliminaries 

Consider the LD-tree determined by a program and goal. 

Definition 2.1 Let <— r±,...,r n and <— si,...,s m be two nodes on the 
same branch of the LD-tree, with the first node being above the second. We 
say <— Si,...,s m is a direct offspring of ri,...,r n if si is, up to a 
substitution, one of the body atoms of the clause with which r\ , . . . , r n 
was resolved. We define the offspring relation as the irreflexive transitive 
closure of the direct offspring relation. We call a path between two nodes in 
the tree such that one is the offspring of the other a call branch. 



Take for example the add-mult program given in Figure 2.1 and the 
goal mult(s(s(0)) ,s(0) ,Z). 



(i) add(0,0,0). 

(ii) add(s(X) ,Y,s(Z)) :- add(X,Y,Z) . 

(iii) add(X,s(Y) ,s(Z)) :- add(X,Y,Z) . 

(iv) mult(0,X,0) . 

(v) mult(s(X) ,Y,Z)) :- mult(X,Y,Zl) , add(Zl,Y,Z). 
Fig. 2.1 add-mult example 



The LD-tree is given in Figure 2.2. In this case node (2) and node (6) 



are, for instance, direct offspring of node (1), because the first atoms in their 
respective goals come from the body of clause (v), with which the goal of 
node (1) was resolved. Note that we add to the predicate of each atom in 
the LD-tree a subscript that denotes who its 'parent' is, i.e., the node in 
the LD-tree that caused this atom to be called as the result of resolution. A 



graphical representation of the direct offspring relation is given in Figure 2.3. 
The following theorem holds: 

Theorem 2.1 If there is an infinite branch in the LD-tree corresponding to 
a program and query then there is an infinite sequence of nodes Ni, N2, ■ ■ ■ 
such that for each i, Afj+i is an offspring of Ni. 

Proof Straightforward. 

The main idea of the paper is to find useful finite sets of abstractions 
of call branches and to formulate termination results in terms of them. An 
effort has been made to make the presentation as simple and self-contained 
as possible. 
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(1) <- mult(s(s(0)),s(0),Z) 

(2) «- mwZt ( i)(s(0),s(0),Zl),odd(i)(Zl,s(0),Z) 

(3) <- mwZi (2) (0, s(0), Z2), add (2) (Z2, s(0), Zl), add (1) (Zl, s(0), Z) 

{Z2 i-» 0} 

(4) <- adrf (2) (0,s(0),Zl),odd ( i)(Zl,s(0),Z) 

{Zl h-» s(Z3)} 

(5) <- add (4) (0,0,Z3),odd(i)(s(Z3),s(0),Z) 

{Z3 i-> 0} 

(6) «-a<H ( i ) (s(0),«(0),Z) 

{Z i-> s(Z4)} {Z i ► s(Z5)} 

(7) <- add (6) (0,s(0),Z4) (8) <- add (6) (s(0), 0, Z5) 

{Z4 i-» s(Z6)} {Z5 i — ► s(Z7)} 

(9) <- add (7) (0, 0, Z6) (10) <- add (s) (0, 0, Z7) 

{Z6 h-» 0} {Z7 i ► 0} 

(11) ^ (12) ^ 

Fig. 2.2 LD-tree 



(1) 



(2) 



(6) 



(3) 



(4) 



(7) 



(8) 



(5) 



(9) 



(10) 



Fig. 2.3 The offspring relation 



3 The basic lemma 

Given an LD-tree we define a shadow of it as a mapping from its set of call 
branches to a finite set of abstractions. 

Definition 3.1 (Shadow) Let an LD-tree for a query and program and a 
finite set A be given. A shadow of the LD-tree into A is a mapping a that 
assigns to each call branch of the tree an element of A. 

Then the following basic lemma holds 

Lemma 3.1 (Basic Lemma) Suppose the LD-tree for a program and a 
query has an infinite branch. Let a be a shadow mapping from the call 
branches of the tree into a finite set A. Then there is a sequence of nodes 
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Mi, M2, . . . and an element A G A, such that for each i, M,_|_i is an offspring 
of Mi, and for each j, k the call branch from Mj to Mk is mapped by a to 
A. 



Proof By Theorem 2T, there is an infinite sequence of nodes Ni, N2, ■ ■ ., 
such that for each i, Ni+% is an offspring of Ni. To each call branch from 
N to an Nj the mapping a assigns one of the elements of the finite set A. 
By Ramsey's theorem [O we get that there is a subsequence Nk 1 , Nk 2 , . . ., 
such that for each i,j the mapping a assigns to the branch from N^ to Nfa 
the same element. 

There is some structure in the set of call branches. If we have two call 
branches, one going from N\ to N2 and one going from N3 to N4, we can if 
N2 = N3 define their composition, which is the branch from Ni to N4. This 
operation is associative. In accordance with the nomenclature in algebra 
we can call a set S with a partial associative operation * : S x S — > S a 
semi-groupoid. We may want the finite set A to be a semi-groupoid too and 
the mapping a to be a homomorphism. This brings us to the definition of 
a structured shadow. 

Definition 3.2 (Structured Shadow) Let an LD-tree for a query and 
program and a finite semi-groupoid A be given. A structured shadow of the 
LD-tree into A is a mapping a that assigns to each call branch of the tree 
an element of A so that for any two call branches B\ and B2 that can be 
composed we have that a(Bi) * a(B2) is defined and 

a{B 1 *B 2 ) = a(B 1 )*a(B 2 ) 

When defining a structured shadow it is enough to give the value of a 
for call branches between nodes and their direct offspring. This is the reason 
for the name. 

The element A whose existence is proved in the basic lemma is, in the 
case of a structured shadow, an element that can be composed with itself. 
We call such an element a circular element. Moreover, it is idempotent. 



4 Two simple applications of the basic lemma 

In the following sections we'll give applications of the basic lemma. In each 
case we'll give the set of abstractions A which will always be finite and the 
mapping a from call branches to elements of A. In the first two applications 
we use the absence of circular elements in A to derive termination. 



4-1 The Predicate Dependency Graph 

Take as A elements of the form (p — > q) where p and q are predicate symbols 
of the program. Define composition as 

(p ->• 9) * (q ->• r) = (p -> r) 
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If a call branch goes from a node <— p(Xi, . . . , X n ), ... to another node 
<— q(Yi, . . . , Y m ), . . . we'll define the value of a on it as (p — > q). It is not 
difficult to see that a is a structured shadow. 

The predicate dependency graph of a program is a graph whose vertices 
are the predicate symbols of the program and such that for each clause 
A :— B\ , . . . , B n it has an arc from the predicate of A to the predicate of 
Z?i, for i = 1, . . . , n (cf. |2^]). If N±, N2 are nodes in the LD-tree such that 
one is the direct offspring of the other then the value of a for the call branch 
between them can be seen as an arc in the predicate dependency graph of 
the program. 

From the basic lemma we get that if there is non-termination then there 
must be a circular element in the image under a of all the call branches of 
the LD-tree, that is, an element of the form p — > p. This means that there 
is a non-trivial strongly connected component in the predicate dependency 
graph (a trivial strongly connected component is one that consists of a single 
vertex with no arc going from it to itself). Consequently, the following well- 
known theorem follows from the basic lemma: 

Theorem 4.1 If there is no non-trivial strongly connected component in 
the predicate dependency graph of a program any query to it terminates. 

It is easy to find examples of programs such that every query to them ter- 
minates and yet their predicate dependency graph has non-trivial strongly 
connected components. Take the program 

at ( j erusalem, mary) . 
at(X, jane) :— at(X, mary). 

where the predicate dependency graph has the single vertex at with an arc 
at — » at. 

4-2 The Atom Dependency Graph 

Define two atoms to be equivalent if they are variants of each other. For 
an atom At denote by [At] its equivalence class under variance. Take as A 
elements of the form [p(Ti , . . . , T n )} — > [q(Si , . . . , S m )] where p{T\ , . . . , T n ) is 
an atom that appears in the head of a clause in the program and q{S\ , . . . , S m ) 
is an atom that appear in the body of a clause. Composition is defined for 
pairs 

[p{Ti, ■ • ■ , T n )] -» [q{S u ...,S m )] and [q(R u . . . , R m )] -» [r{W u . . . , W k )\ 
such that representatives that are named apart of [q(S±, . . . , S m )] and 

[g(J?i, . . . Rm)] can be unified. In that case the result of the composition is 

b(T 1; ...,T„)] - [r(W u ...,W k )]. 

Now suppose a node <— p(Ti, . . . ,T n ), . . . has as direct offspring a node 

<— q(S\, . . . , S m ), . . . and suppose the clause used for resolution with the 

first node was A :— Bi, . . . ,Bi and that the atom q(Si, . . . , S m ) originates 
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in Bj. Then we will take a to map the call branch between the two nodes 
to [A] — > [Bj]. For call branches between nodes that are not direct offspring 
of each other we define the value of a by composition. 

We can define the atom dependency graph of a program as follows. Con- 
sider a graph whose vertices are equivalence classes of atoms that appear 
in the program. If there is a rule A :— B\,Bi-, ...,B n then we put in the 
graph arcs [A] — > [Bi] (i = 1, n). We call these arcs "arcs of the first 
kind". Now if there are arcs of the first kind [Ai] — > [A2] and [Bi] — > [B2] 
and named apart variants of A2 and i?i can be unified, we also add an arc 
[A2] [Bi]- Such an arc we call "an arc of the second kind" . The graph we 
get we call the atom dependency graph (note the similarity to the U-graph 
of p8fl). For the example at the end of the previous subsection the atom 
dependency graph consists of the two vertices [at(X, jane)], [at(X , mary)] 
and an arc from the first to the second. 

From the basic lemma we get that if there is an infinite branch in the 
LD-tree there must be a circular element in the image under a of the call 
branches of the LD-tree. 

So we get the following conclusion of the basic lemma: 

Theorem 4.2 If there is no non-trivial strongly connected component in 
the atom dependency graph of a program any guery to it terminates. 

Again it is not difficult to find programs such that every query to them 
terminates and yet their atom dependency graph has non-trivial strongly 
connected components. Take the following program 

p(X,f(Z)) :- q(X,f(Z)). 
q(g(Y),W) :- r(g(Y),W). 
r(X,X) :- p(X,X). 

for which every SLD-tree is finite, but for which there is a strongly connected 
component consisting of 6 nodes in its atom dependency graph — if we denote 
by a, 6, c, d, e, / respectively the atom dependency graph nodes 

[p(X,f(Y))], [q(X,f(Y))], [q(g(X),Y)], [r(g(X),Y)], [r(X,X)], ]p(X,X)] 

then there are arcs of the first kind from a to b, from c to d and from e to 
/ and arcs of the second kind from b to c, from d to e and from / to a, so 
the nodes a, 6, c, d, e, / form a strongly connected component. 

5 The Abstraction to Query-Mapping Pairs 

We will now consider a more complex abstraction and take as A the set of 
query-mapping pairs determined by the program. In this case termination 
will follow not from the absence of circular elements in the image of the 
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shadow mapping, but from the absence of circular elements of a certain 
kind. 

We start with a formal definition of query-mapping pairs. The meaning 
of the pairs will be clarified later. 

Definition 5.1 (Mixed Graph) A mixed graph is a graph with both edges 
and arcs. (We use the usual terminology — edges are undirected, while arcs 
are directed.) 

A query-mapping pair consists of two parts, both of which are mixed graphs, 
however a different notation is used for each. 

Definition 5.2 (Query-Mapping Pair) A query-mapping pair (w, /x) con- 
sists of two parts: 

— The query it, that is a mixed graph whose nodes correspond to argument 
positions of some predicate in the program and are either black, denoted 
by h, or white, denoted by f. An edge from the i 'th to the j 'th position 
will be denoted by eq(i, j). An arc from the i 'th to the j 'th position will be 
denoted by gt{i,j). As an example of a query for the add-mult program 
take mult(h,b,f) [gt(l,2),eq(2,3)]. 

— The mapping [i, that is a mixed graph whose nodes correspond to the 
argument positions of the head of some rule ( the domain ) and the argu- 
ment positions of some body atom of that rule (the range,). Again nodes 
can be blac k or white. In this case we depict the graph pictorially, as in 
Figure 5.1 . 




Fig. 5.1 Example of mapping 



For examples of query-mapping pairs see Figures 5.2, 5.3, 5.4 



Clearly the number of query-mapping pairs that can be created by using 
the predicate symbols of a program is finite. 

The means for proving termination is choosing a well-founded order on 
terms and using it to show that the LD-tree constructed for the program 
and query cannot have infinite branches. Different orders may be defined 
(cf. (Til). One of the ways an order can be given is by defining a norm 
on terms. For example, one can use symbolic linear norms, which include 
as special cases the term-size norm and the list-size norm. These symbolic 
linear norms will be linear expressions, which we will be able to use in the 
termination proof when they become integers. Essentially edges and arcs 
will denote equality and inequality of norms and a node will become black 
if its symbolic linear norm is an integer. 
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Definition 5.3 (Symbolic Linear Norm) A symbolic linear norm for 
the terms created from an alphabet consisting of function symbols and vari- 
ables is defined for non-variable terms by 

n 

ii/(av..x„)|| = c+$>ra 

»=i 

where c and a±, . . . a n are non-negative integers that depend only on f/n. 
This also defines the norm of constants if we consider them as function sym- 
bols with arity. With each logical variable we associate an integer variable 
to represent its norm ( we use the same name for both, since the meaning of 
the variable is clear from the context). 

Definition 5.4 (Instantiated Enough) A term is instantiated enough 
with respect to a symbolic linear norm if the expression giving its symbolic 
norm is an integer. 

In this way of defining symbolic norms we follow p5| . Some authors define 
the norm of a variable to be and then use the norm only for terms that 
are rigid with respect to it (cf. In our context it is more convenient to 

use the symbolic norm. If the symbolic linear norm of a term is an integer 
then we know that the term is rigid with respect to this particular norm. 

We get the term-size norm, which can be defined for a ground term as 
the number of edges in its representation as a tree, or alternatively as the 
sum of the arities of its functors, by setting for every f/n 

c = n , a\ = ■ ■ ■ a n = 1 

So, for instance, the symbolic term-size norm of f(g(X,X,Y),X) is 5 + 
3X + Y . The symbolic term-size norm of a term is an integer exactly when 
the term is ground. 

To get the list-size norm we set for the list functor 

||[tf|T]|| = l + ]]T|| 

that is c = l,<ii = 0,a2 = 1, and for all other functors equate the norm 
of a term with them as head functor to 0. In this case the norm is a posi- 
tive integer exactly for lists that have finite positive length, irrespective of 
whether their elements are fully instantiated or not. 

This is perhaps the place to note that, since for the term-size norm all 
the aj's are nonzero, a term is instantiated enough with respect to it only 
if it is ground, while for other symbolic norms a term may be instantiated 
enough without being ground. 

Given the LD-tree of a program we define the shadow mapping a rea i as 
follows. 

With each call branch between nodes that are offspring of each other we 
associate a query-mapping pair in the following way: 
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If 

— the node nearest to the root among the branch nodes is <— pi, . . . ^Pm^ 

— the node farthest from the root is <— q\, . . . , q n , 

— the substitution 9 is the composition of the substitutions associated with 
the branch, 

— abs is the abstraction function which associates with each atom the 
same atom with its arguments replaced by b for arguments that are 
instantiated enough for the norm used and f otherwise, 

then 

— the query of the pair is abs(pi), with the constraints that hold between 
the arguments of pi, 

— the domain of the mapping is abs(j>\6), 

— the range is abs(qi), 

— edges connect elements in the domain and range for which the corre- 
sponding elements in the tree (i.e. the arguments of p\9 and q\) have 
the same norm, 

— arcs connect elements in the domain and range for which the correspond- 
ing elements in the tree are instantiated enough and for which a norm 
inequality can be inferred. 

(The reader might be puzzled why we introduce arcs between elements for 
which a norm inequality can be inferred only if the arguments are instan- 
tiated enough — the term-size of s{X) will always be larger than that of X, 
whatever the substitution for X will be. However, to prove termination we 
use the well foundedness of the non-negative integers, so will use the fact 
that there cannot be an infinite path of arcs, since in our case they connect 
elements with integer norm.) 



Take for example the add-mult program given in Figure 2.1 and the 
goal mult (s (s (0) ) ,s(0) , Z) and use the term-size norm (recall that for a 
ground term its term-size is the number of edges in its representation as a 
tree). 

To give a few examples of the query-mapping pairs we get for the LD- 
tree of this program and goal, which is shown in Figure |2.2| (where we denote 
the constraints of a query by a list of elements of the form eq(i,j) if the z'th 
and j'th arguments have the same term-size, and gt(i,j) if the term-size 
of the i'th argument is greater than that of the j'th argument; and where 
there is in the mappings an edge between nodes with the same term-size 
and an arc from a node with larger integer term-size to a node with smaller 
integer term-size): 

For the call branch between node (1) and its direct offspring (2) we 



get the pair depicted in Figure 5.2. For the call branch between node (6) 



and its direct offspring (8) we get the pair presented in Figure 5.3. For the 



call branch between node (6) and its offspring node (10) we get the pair in 



Figure 5.4 



Note the following properties of query-mapping pairs in the image of 
a re ai- A black node corresponds to an argument position which is instanti- 
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query: 


mult(b,b,f) 


[gt( 1,2)1 


mapping 


: mult , 




1 o 




mult | 


X 


1 o 



Fig. 5.2 Query-mapping pair for the branch from (1) to (2) 



query: add(b,b,f) 


[eq(l,2)j 


mapping: add . 




add 1^ 


7| ° 



Fig. 5.3 Query-mapping pair for the branch from (6) to (8) 



query: add(b,b,f) |eq(l>2)J 
mapping: add . . 

add JX1 o 



Fig. 5.4 Query-mapping pair for the branch from (6) to (10) 

ated enough for the chosen symbolic norm to be an integer. A white node 
corresponds to an argument position that is potentially not instantiated 
enough. An edge connects two nodes that have equal symbolic norms, and 
hence must be of the same color. An arc goes from a black node to another 
black node that has smaller norm (recall that norms of black nodes are non- 
negative integers) . The proof of termination uses the existence of such arcs 
and the well-foundcdness of the non-negative integers with the usual order. 
We define consistency of a mixed graph: 

Definition 5.5 (Consistency) A mixed graph is consistent if it has no 
positive cycle (i.e. a cycle that may contain both edges and arcs, but has at 
least one arc). 

Then it is clear that queries and mappings in the image must be consistent. 
A positive cycle may have only black nodes. This means that for each ar- 
gument T represented by such a node we have that ||T|| is an integer and 
||T|| < ||T||, which is impossible. That is, a query-mapping pair that is not 
consistent represents a branch that cannot really occur. 

Note further that sets of edges and arcs for queries and mappings are 
closed under transitive closure and that the domain of a mapping of a pair 
is subsumed by the query, where subsumption is defined as follows. 
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Definition 5.6 (Subsumption) Given two mixed graphs with black and 
white nodes G\ and G2, we say that G\ is subsumed by G2 if they have the 
same nodes up to color, every node that is black in G2 is also black in G\, 
and every edge or arc between nodes in G2 also appears for the respective 
nodes in G\. 

Among all query-mapping pairs we distinguish the 'recursive' pairs, 
those for which the query is identi cal to the range of the mapping (the 



query-mapping pair given in Figure 5A is of this kind) 



Before proceeding we need the following two definitions from ]29| . We 
want to model recursive calls, so in the case of a query-mapping pair (ir, fi) 
such that 7r is identical to the range of /1, we create what we call a circular 
variant by introducing special edges between corresponding nodes in the 
domain and range. These special edges behave like ordinary edges, except 
that they can only be traversed from range to domain. What a circular edge 
between a range node and domain node models, is that the range node can 
become unified with the domain node of another instance of the pair we 
considered. 

Definition 5.7 (Circular Variant) // (tt,/i) is a query-mapping pair, 
such that n is identical to the range of [i, then the circular variant of (tt, /x) is 
(7r, fi'), where fj! is obtained from fi by connecting each pair of corresponding 
nodes in the domain and range with a circular edge. 

Definition 5.8 (Forward Positive Cycle) A circular variant (tt,/j,) has 
a forward positive cycle if fi has a positive cycle, such that when this cycle 
is traversed, each circular edge is traversed from the range to the domain. 

From the basic lemma we get that if there is an infinite branch in the tree, 
there must be an infinite sequence of nodes Ni , N2 , . . . such that for each i 
the branch from Ni to iVj+i is mapped into the same recursive pair. Suppose 
the circular variant of this pair has a positive forward cycle. Start with a 
node on a forward positive cycle, in the domain of the pair corresponding to 
some call branch, say from Ni to Ni+i. Now traverse the cycle, but in the 
case of a circular edge go from the range of this pair to the domain of the 
pair for the call branch from 2Vj+i to iVj+a. After a number of steps equal 
to the number of circular arcs on the forward positive cycle we'll return 
to the same node in the pair as we started from, only now corresponding 
to a lower call branch. From the existence of the forward positive cycle we 
can deduce a decrease in norm. This means that we can find an infinite 
sequence of arguments of atoms in the tree, such that their norms form a 
descending sequence of non-negative integers, which is impossible. So we 
get the following conclusion from the basic lemma 

Theorem 5.1 Let the LD-tree for a query and a program and a symbolic 
linear norm be given. Define a rea i as above. If all the circular variants that 
can be created from the query-mapping pairs in the image of a rea i have a 
forward positive cycle, then the tree must be finite, i.e., there is termination 
for the query with Prolog's computation rule. 
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Again it is easy to find an example of a program that terminates although 
it does not satisfy the condition of the theorem. Take the program 

p(0). 

p(l) :- p(0). 

with query pattern p(f) and a norm that assigns the same value to and 
1. 

Theorem |5.l| does not give us an effecive way to determine for a partic- 
ular program and query if there is termination, because we cannot always 
construct the LD-tree that may be infinite. The next section gives a way to 
approximate the 'real' query-mapping pairs. The algorithm proposed either 
says that there is termination, or that it is not strong enough to decide. 

5.1 The Query- Mapping Pairs Algorithm 

The following algorithm has been implemened in a system called TermiLog 
(cf. |2l|,^2|), which is quite powerful and has been able to analyze correctly 
82% of the 120 benchmark programs it was tested on, taken from the lit- 
erature on termination and other sources. The basic idea of the algorithm 
is to approximate the set of query-mapping pairs that are associated with 
the LD-tree for a query and program. We will show that each 'real' query- 
mapping pair arising from the LD-tree (i.e. the image under a rea i of a call 
branch) is subsumed by a query-mapping pair in the approximation, so that 
a sufficient condition for the finiteness of the LD-tree is that every circular 
variant in the approximation has a forward positive cycle. 

We will define a structured shadow a app , which is a widening (cf. fl(i|| ) 
of a rea i , by giving its value for call branches between nodes that are direct 
offspring of each other (the generation step) and find its value for other call 
branches by composition (the composition step). It should be noted that in 
this associates with each call branch a query-mapping pair that 

depends not only — as in the previous section — on the nodes at the ends 
of the branch and the substitution associated with them, but also on the 
location of the branch in the tree. Since we are approximating the 'real' pairs 
our conclusions are sound, but there may be constraints which we have not 
inferred, so it may happen that the value of a app for two call branches which 
look identical but are in different parts of the tree will be different. 

The first step is constructing from each rule of the program a weighted 
rule graph, which extracts the information about argument norms that is 
in the rule. 

Definition 5.9 (Weighted Rule Graph) The weighted rule graph asso- 
ciated with a rule has as nodes all the argument positions of the atoms in 
the rule; it has edges connecting the nodes of arguments which have equal 
norm and has a potential weighted arc between any two nodes such that the 
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difference between the norms of the respective arguments, which is a linear 
expression, has non-negative coefficients and a positive constant term, and 
this potential arc is labeled by the difference. 

In our example, using the term-size norm, we get for the rule 

mult(s(X),Y, Z)) :- mult(X, Y, Zl), add(Zl, Y, Z). 

the weighted rule graph that is shown in Figure |5.5| . The potential arc is 




Fig. 5.5 Weighted rule graph 



shown by a dashed arc. It should be explained what potential arcs are. In 
the termination proof we use the fact that the order induced by the norm on 
terms that are instantiated enough is well-founded (recall that for such terms 
the norm is a non- negative integer). Once we know that the nodes connected 
by a potential arc are instantiated enough, we connect them with an arc. 
However, we will not do this when we do not know that the arguments are 
instantiated enough, because we want to be sure that there cannot be an 
infinite path consisting of arcs. Consider for example the program 



int(O). 
int(s(X)) 



int(X). 



with the query int (Y) and the term-size norm. From the rule we get the 
weighted rule graph that is shown in Figure |5.6| , but as Figure 5.7 shows 
there is an infinite derivation. 



int s(X) 
1 

int X 



Fig. 5.6 Weighted rule graph 



We return now to the original example. We have the query 
mult(s{s(0)),s(0),Z) 
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<- int(Y) 

{Y i y s(Yl)} 

<- mt(yi) 

{VI h-> s(F2)} 

<- mt(Y2) 



Fig. 5.7 Infinite derivation 



which we abstract to the query pattern mult(b, 6, /) with empty constraint 
list. We now construct the summaries of the augmented argument map- 
pings associated with it, terms that will be defined presently. Our definition 
of augmented argument mapping differs from that in p9fl , for reasons that 
will be explained. The basic idea is that we take a rule r, for which the 
head predicate is the same as in the query, and a subgoal s in the body of 
r, and try to approximate the 'real' query-mapping pair corresponding to 
the head of r and s in the LD-tree. We do this by using information we 
have from the weighted rule graph of r and also, if we have them, results 
of instantiation analysis and constraint inference about the instanti- 
ations and constraints of the body subgoals preceding s, which we assume 
have succeeded before we got to s. The method used for the instantiation 
analysis and constraint inference is abstract interpretation. For the details 
see |l] . 

Definition 5.10 (Augmented Argument Mapping) An augmented ar- 
gument mapping, which is a mixed graph, is constructed for a rule r and a 
subgoal s in its body as follows. 

— There are nodes for the argument positions of the head of r, for s, and 
for all subgoals that precede s. 

— Nodes are blackened in agreement with the rule and the instantiation 
analysis for subgoals that precede s.[] 

— There are all the edges and arcs that can be derived from the weighted 
rule graph and from the constraint inference for subgoals preceding s. 

— In the case of disjunctive information about constraints or instantiations 
the augmented argument mapping will use one disjunct. 



1 In [E9j nodes that correspond to arguments that precede s are made black. 
This is justified there because of the assumption that any variable in the head 
of a program clause also appears in its body, an assumption which causes all 
atoms in the success set of the program to be ground, but not in our more general 
setting. Another difference is the use of weighted arcs. For instance, if we have the 
configuration with edges, arcs and weighted arcs, that is presented in Figure 5.8, 



we can say that in the transitive closure there is an arc from Ni to N5, while we 
could not come to this conclusion if the weighted arcs were ordinary arcs. 
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— The graph is consistent. 

— The domain consists of the nodes corresponding to the head of r, and 
the range consists of the nodes corresponding to s. 



2+X 2+X 

• - • « 



Fig. 5.8 The weighted arcs 



A few words about the consistency: If, for instance, we are constructing the 
augmented argument mapping for the rule 

a(X,Y) :- b(X,Y),c(X,Y),d(X,Y). 

and the subgoal d(X, Y) we cannot use for b the constraint gt(l, 2) and for c 
the conflicting constraint gt(2, 1), or for b the instantiation b(ie, nie) and for 
c the conflicting instantiation c(nie, ie) (here ie denotes an argument that is 
instantiated enough, and nie an argument that is not — note the difference 
between ie and nie, which are mutually exclusive and b and /, where the 
second possibility includes the first). 

Definition 5.11 (Summary) If fi is a consistent augmented argument 
mapping, then the summary of \x consists of the nodes in the domain and 
range of \x and the edges and arcs among these nodes ( it is undefined if pi 
is inconsistent). 

Summaries of augmented argument mappings give us approximations to 
'real' mappings constructed for nodes that are direct offspring of each other. 

We return now to the query mult(b, b, f) and build the augmented ar- 
gument mappings derived for it from the rule 



mult(s(X), Y, Z)) :- mult(X, Y, Zl), add(Zl, Y, Z). 

It should be noted that when we build the augmented argument mapping 
for a query we also take into account the instantiations and constraints of 
the query. 



For the first subgoal we get the mapping presented in Figure 5.9. The 



mult ( 


> < 


1 o 


mult | 


i < 


I o 



Fig. 5.9 Mapping for the first subgoal 
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summary is identical to the mapping, and Figure 5.10 presents the query- 
mapping pair obtained. 



query: mult(b,b,f) [] 
mapping: mult a s (1) 
mult 



I I 



Fig. 5.10 Query- mapping pair for the first subgoal of mult 



From the augmented argument mapping corresponding to the second 
subgoal of the rule we basically want to infer the relationship between 
mult(s(X), Y, Z) and add(Zl,Y, Z) assuming mult{X,Y, Z\) has already 
been proved. This is where we use instantiation analysis and, possibly, con- 
straint inference. If we did not use any information on mult(X, YZ1) we 
would get the augmented argument mapping presented in Figure 5.11 . Now 



mult . 




Fig. 5.11 Mapping for the second subgoal 



from the instantiation analysis we will get that the two possible instanti- 
ations for mult are mult(ie,ie,ie) and mult(ie,nie,ie) where ie denotes 
a ground term and nie denotes a non-ground term, i.e., a term that con- 
tains at least one variable. Since the first two arguments of the intermediate 
subgoal are ground, so must the third one b e. So we get the augmented 
argument mapping that is presented in Figu re 5.12 , which gives rise to the 
query-mapping pair presented in Figure 5.13 and the new query add(b, &, /) 
(with no constraints). If we had not been able to use the results of the in- 
stantiation analysis we would have gotten the query add(f, b, /), which does 
not terminate, and our algorithm would just have said for the original query 
that there may be non-termination. 

Using the appropriate augmented argument mappings for the new query 



add(b, b, /), we get the new query-mapping pairs (Figures 5.14 and 5.15) and 
no new queries. 
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mult _ • 



mult # o • 



add I 



Fig. 5.12 Mapping for the second subgoal 



query: 


mult(b,b,f) [] 




mapping: 


mult , . r 


(2) 




add , 1 c 





Fig. 5.13 Query-mapping pair for the second subgoal of mult 



query: add(b,b,f) [] 
mapping: add a a (3) 
add 



! I 



Fig. 5.14 Query- mapping pair for add 



query: add(b,b,f) [] 
mapping: add a s (4) 
add 



Fig. 5.15 Query- mapping pair for add 



Now we have to apply composition to the query-mapping pairs we have 
created thus far. Recall the following definitions from [B9j: 



Definition 5.12 (Composition of Mappings) If the range of a mapping 
ll and the domain of a mapping v are labeled by the same predicate, then the 
composition of the mappings [i and v, denoted [iov, is obtained by unifying 
each node in the range of fi with the corresponding node in the domain of 
v . When unifying two nodes, the result is a black node if at least one of the 
nodes is black, otherwise it is a white node. If a node becomes black, so do 
all nodes connected to it with an edge. The domain of [i o v is that of \x, and 
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its range is that of v. The edges and arcs of /x o v consist of the transitive 
closure of the union of the edges and arcs of n and v. 

Definition 5.13 (Composition of Query-Mapping Pairs) Let (%%, Hi) 
and (tT2, M2) be query-mapping pairs, such that the range of [i\ is identical 
to 7r 2 . The composition of (711, /Ui) and (^2,1^2) is (7Ti,/x), where /x is the 
summary of /zi o /x 2 ( and, hence, the composition is undefined if o /i 2 is 
inconsistent) . 

By repeatedly composing the approximations we got thus far we get the 
following new pairs. 

Composition of pairs (1) and (2) gives a new pair (5); pairs (3) and (4) 
give a new pair (6); (2) and (6) give (7). These new pairs are presented by 
Figures 5.16, |5.17 and 5. 18] respectively. No more query-mapping pairs can 



query: 


mult(b,b,f) [] 


mapping 


:mult . . (5) 




add . 1 



Fig. 5.16 Query- mapping pair for add 



query: add(b,b,f) [] 
mapping: add . . (6) 
add { I „ 



Fig. 5.17 Query- mapping pair for add 



query: 


mult(b,b,f) [] 


mapping 


:mult . . (7) 




add . i 



Fig. 5.18 Query- mapping pair for add 
be created. 
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Since for each of the above query-mapping pairs, if the circular variant 
exists it has a forward positive cycle, it follows, since for each call branch 
its image under a app subsumes its image under a rea i, that queries of the 
form mult(b, b, /) terminate. 

If in the above example we would have used results of the constraint 
inference for the one intermediate subgoal we had, we would have gotten 
more query-mapping pairs, but again every circular variant would have had 
a forward positive cycle, so we would have been able to show termination. 
However, if it is possible to prove termination without constraint inference, 
there is no reason to use it, because the more query-mapping pairs there 
are the longer the termination proof takes. 

The following theorem holds: 

Theorem 5.2 Let the LD-tree for a query and program and a symbolic 
linear norm be given. Define the structured shadow a app as above. If all the 
circular variants that can be created from query-mapping pairs in the image 
of a app have a forward positive cycle then the tree must be finite, i.e., there 
is termination for the query with Prolog 's computation rule. 



This theorem follows from Theorem 5.1 if we notice that for every call 
branch B we have that a rea i(B) is subsumed by a app (B). 

Actually, since we have here a structured shadow, the element whose 
existence is proved in the basic lemma is both circular and idempotent. So 
we can formulate a stronger theorem, which is more efficient to implement: 



Theorem 5.3 Let the LD-tree for a query and program and a symbolic 
linear norm be given. Define the structured shadow a app as above. If all 
the circular idempotent query-mapping pairs in the image of a app have an 
arc from an argument in the domain to the corresponding argument in the 
range, then the tree must be finite, i.e., there is termination for the query 
with Prolog's computation rule. 



It is not difficult to see that the condition of Theorem 5.2 implies the con 



dition of Theorem 5.3, since if we have a circular idempotent pair for which 
the circular variant has a forward positive cycle, and compose it with itself 
the right number of times (that is, the number of circular arcs on the for- 
ward positive cycle), we get an arc from an argument in the domain to the 
corresponding argument in the range. 



Theorem |5.3| is really stronger than Theorem 5.2, as the following pro- 
gram shows: 

p(0,0). 

p(s(X),Y) :- p(f(0),X). 
p(X,s(Y)) :- p(Y,f(0)). 

In this case there is termination for queries of the form p(b, b ), bu t, using 
the term-size norm, this can only be deduced from Theorem |5.3| and not 
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Theorem because there are circular variants without forward positive 
cycle. 

It is interesting to note that the rule of composition does not hold for 
a rea i , so it is not a structured shadow. For instance if we take the program 



p(X,a) :- q(X). 
q(X) :- r(X,a). 

and the LD-tree for p(X,a) 

(1) «-p(X,a) 

(2) - q(X) 

(3) «-r(X,a) 

and the term-size norm, then the image under a rea i of the branch from (1) 
to (2) composed with the image under a rea i of the branch from (2) to (3) 
will not contain the edge between the second arguments of p and r that is 
in the image under a rea i of the branch between (1) and (3). We will always 
have that a rea i(Bi) * a rea i(B 2 ) subsumes a rea i{Bi * B 2 ). 



The following optimization of Theorem 5/2 holds: It is enough to consider 
only query-mapping pairs in which the predicate of the domain and the 
predicate of the range are in the same strongly connected component of the 
predicate dependency graph. 



6 Logic programs containing arithmetic predicates 

The algorithm we describe next would come into play only when the usual 
termination analyzers fail to prove termination using the structural argu- 
ments of predicates. As a first step it verifies the presence of an integer 
loop in the program. If no integer loop is found, the possibility of non- 
termination is reported, meaning that the termination cannot be proved 
by this technique. If integer loops are found, each of them is taken into 
consideration. The algorithm starts by discovering integer positions in the 
program, proceeds with creating appropriate abstractions, based on the in- 
teger loops, and concludes by applying an extension of the query-mapping 



pairs technique. The formal algorithm is presented in Subsection 6.6. 

The structured shadow we define in this case assigns to the branch from 
node <— n, . . . , r n to its direct offspring *— si, . . . , Sk, where is the compo- 
sition of the substitutions between the nodes, the following query-mapping 
pair: each atom is abstracted to a pair (predicate, constraint) , where the con- 
straint is one from a finite set of mutually exclusive numerical constraints 
(for example, argl > 0, argl > arg2 7 where argl and arg2 are respectively 
the first and the second arguments of the atom) . The query is the abstraction 
of r%. The mapping of the query-mapping pair, is as before, a quadruple — 
the domain, the range, edges and arcs. The domain of the query-mapping 
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pair is the abstraction of r\0, the range is the abstraction of s±, and there 
are edges and arcs between nodes of r\6 and s\. Edges and arcs correspond 
to numerical equalities and inequalities of the respective arguments. When 
composing two query-mapping pairs numerical nodes are unified only if 
they have the same constraint (remember that the constraints arc mutually 
exclusive). Termination is shown by means of a non- negative termination 
function of the arguments of an atom, that decreases from the domain to 
the range (cf. |l5| ) . Note that in the numerical part of the program we will 
use both the query-mapping pairs relative to the norm and the new kind of 
numerical query-mapping pairs. A s we will see later on, sometimes in order 
to prove termination (cf. Example 6.12 ) both kinds of query-mapping pairs 
are essential. 

The technique we present in this section allows us to analyze correctly on 
the one hand common examples of Prolog programs (such as factorial fl2]| , 
Fibonacci, Hanoi @, odd-even |^|, between ||, Ackermann (3^]), and on 
the other hand more difficult examples, such as gcd and mc_carthy_91 |25|, 
^,|l6). Note that some of these examples were previously considered in the 
literature on termination. However, they were always assumed to be given 
in the successor notation, thus solving the problem of well-foundedness. 
Moreover, the analysis of some of these examples, such as gcd, required 
special techniques p3|. 



6.1 The 91 function 

We start by illustrating informally the use of our algorithm for proving 
the termination of the 91 function. This convoluted function was invented 
by John McCarthy for exploring properties of recursive programs, and is 
considered to be a good test case for automatic verification systems (cf. |2a , 
^,|l6)). The treatment here is on the intuitive level. Formal details will be 
given in subsequent sections. 
Consider the clauses: 

Example 6.1 

mc_carthy_91(X, Y) :- X > 100, Y is X - 10. 

mc_carthy_91(X, Y) :- X < 100, Z is X + 11, mc_carthy_91(Z, Zl), 
mc_carthy_91(Zl, Y). 

and assume that a query of the form mc_carthy_91 (i , /) is given, that is, 
a query in which the first argument is bound to an integer, and the second 
is free. This program computes the same answers as the following one: 

mc_carthy_91(X, Y) :- X > 100, Y is X - 10. 
mc_carthy_91(X, 91) :- X < 100. 

with the same query. Note, however, that while the termination of the latter 
program is obvious, since there is no recursion in it, the termination of the 
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first one is far from being trivial and a lot of effort was dedicated to find 
termination proofs for it ( p5|, p(i|, fl6| ) . 

Our algorithm starts off by discovering numerical arguments. This 
step is based on abstract interpretation, and as a result both arguments of 
mc_carthy_91 are proven to be numerical. Moreover, they are proven to be 
of integer type. The importance of knowledge of this kind and techniques 
for its discovery are discussed in Subsection |6.2.2 . 



The next step of the algorithm is the inference of the (finite) integer 
abstraction domain which will help overcome difficulties caused by the 
fact that the (positive and negative) integers with the usual (greater-than 
or less-than) order are not well-founded. Integer abstractions are derived 
from arithmetic comparisons in the bodies of rules. However, a simplistic 
approach may be insufficient and the more powerful techniques presented 



in Section 6.3 arc sometimes essential. In our case the domain 

{(-co, 89], [90, 100], [101, oo)} 

of intervals is deduced. For the sake of convenience we denote this tripartite 
domain by {small, med, big}. 

In the next step, we use abstract interpretation to describe an- 
swers to queries. This allows us to infer numerical inter-argument rela- 



tions of a novel type. In Section 3.4 the technique for inference of constraints 
of this kind is presented. For our running example we get the following ab- 
stract atoms: 

mc_carthy_91 (big, big) mc_carthy_91 (med , med) 
mc_carthy_91 (big, med) mc_carthy_91 (small , med) 

These abstract atoms characterize the answers of the program. 

The concluding step creates query-mapping pairs in the fashion of |2l| . 
This process uses the abstract descriptions of answers to queries and is 
described in Section |6l| In our case, we obtain among others, the query- 
mapping pair having the query mc_carthy_91 (i , f) , where i denotes an 
integer argument and / an unrestricted one, and the mapping presented in 



Figure [6^1]. The upper nodes correspond to argument positions of the head 
of the recursive clause, and the lower nodes — to argument positions of the 
second recursive subgoal in the body. Circled black nodes denote integer ar- 
gument positions, and white nodes denote positions on which no assumption 
is made. The arc denotes an increase of the first argument, in the sense that 
the first argument in the head is less than the first argument in the second 
recursive subgoal. Each set of nodes is accompanied by a set of constraints. 
Some could be inter-argument relations of the type considered in pl| . In our 
example this subset is empty. The rest are constraints based on the integer 
abstraction domain. In this case, that set contains the constraint that the 
first argument is in med. The query-mapping pair presented is circular (up- 
per and lower nodes are the same), but the termination tests of fail. 
Thus, a termination function must be guessed. For this loop we can use the 
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{argl in med 



{argl in med 



Fig. 6.1 Mapping for McCarthy's 91 function 



function 100— argl, where argl denotes the first argument of the atom. The 
value of this function decreases while traversing the given query-mapping 
pair from the upper to the lower nodes. Since it is also bounded from below 
(100 >argl), this query-mapping pair may be traversed only finitely many 
times. The same holds for the other circular query-mapping pair in this 
case. Thus, termination is proved. 



6.2 Arithmetic Loops 

We start our discussion on termination of numerical computations by pro- 
viding a formal definition of numerical loop, analyzing the problems one 
discovers when reasoning about termination of numerical loops and explain 
why we restrict ourselves to integer loops. In the end of this section we 
discuss a technique for discovering numerical argument positions that we'll 
base our termination analysis on. 

6.2.1 Numerical and integer loops Our notion of numerical loop is based 
on the predicate dependency graph (cf. p8|): 

Definition 6.1 Let P be a program and let LI be a strongly connected com- 
ponent in its predicate dependency graph. Let S C P be the set of program 
clauses, associated with LI (i.e. those clauses that have the predicates of LL 
in their head). S is called loop if there is a cycle through predicates of LI. 

Definition 6.2 A loop S is called numerical if there is a clause 

H :— Bi, . . . , B n 

in S, such that for some i, B^ = Var is Exp, and either Var is equal to 
some argument of H or Exp is an arithmetic expression involving a variable 
that is equal to some argument of H . 

However, termination of numerical loops that involve numbers that are 
not integers often depends on the specifics of implementation and hard- 
ware, so we limit ourselves to "integer loops" , rather than all numerical 
loops. The following examples illustrate actual behavior that contradicts 
intuition — a loop that should not terminate terminates, while a loop that 
should terminate does not. We checked the behavior of these examples on 
UNIX, with the CLP(Q,R) library || of SICStus Prolog CLP(R) @ 
andXSBfHj. 
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Example 6.2 Consider the following program. The goal p(1.0) terminates 
although we would expect it not to terminate. On the other hand the goal 
q(l . 0) does not terminate, although we would expect it to terminate. 

p(0.0) :- !. 

p(X) :- XI is X/2, p(Xl). 
q(0.0) :- !. 

q(X) :- XI is X - 0.1, q(Xl). 

One may suggest that assuming that the program does not contain divi- 
sion and non-integer constants will solve the problem. The following example 
shows that this is not the case: 

Example 6.3 

r(0). 

r(X) :- X > 0, XI is X - 1, r(Xl). 

The predicate r may be called with a real, non-integer argument, and then 
its behavior is implementation dependent. For example, one would expect 
that r(0.0) will succeed and r(0. 000000001) will fail. However, in SICStus 
Prolog both goals fail, while in CLP(R) both of them succeed! 

Therefore, we limit ourselves to integer loops, that is numerical loops 
involving integer constants and arithmetical calculations over integers: 

Definition 6.3 A program P is integer-based if, given a query such that 
all numbers appearing in it are integers, all subqueries that arise have this 
property as well. 

Definition 6.4 A numerical loop S in a program P is called an integer 
loop if P is integer-based. 

Termination of a query may depend on whether its argument is an in- 
teger, as the following example shows: 

p(0). 

p(N) :-N>0, NlisN-1, p(Nl) . 
p(a) :- p(a) . 

For this program, p(X) for integer X terminates, while p(a) does not. 

So we extend our notion of query pattern. Till now a query pattern was 
an atom with the same predicate and arity as the query, and arguments 
b (denoting an argument that is instantiated enough with respect to the 
norm) or / (denoting an argument on which no assumptions are made). 
Here, we extend the notion to include arguments of the form i, denoting 
an argument that is an integer (or integer expression). Note that b includes 
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the possibility of i in the same way that / includes the possibility b. In the 
diagrams to follow we denote z-arguments by circled black nodes, and as 
before, 6-arguments by black nodes and /-arguments by white nodes. 

Our termination analysis is always performed with respect to a given 
program and a query pattern. A positive response guarantees termination 
of every query that matches the pattern. 



6.2.2 Discovering integer arguments Our analysis that will be discussed in 
the subsequent sections is based on the size relationships between "integer 
arguments" . So we have to discover which arguments are integer arguments. 
In simple programs this is immediate, but there may be more complicated 
cases. 

The inference of integer arguments is done in two phases — bottom-up 
and top-down. Bottom-up inference is similar to type analysis (cf. 
using the abstract domain {int, notJnt} and the observation that an argu- 
ment may became int only if it is obtained from is/2 or is bound to an 
integer expression of arguments already found to be int (i.e. the abstraction 
of int + int is int) . Top-down inference is query driven and is similar to the 
"blackening" process, described in only in this case the information 
propagated is being an integer expression instead of "instantiated enough" . 

Take for example the program 



p(0). 
p(N) 
pCa) 
qCX) 
r(b,a) . 
r(X,X) . 



- N > 0, Nl is N - 1, p(Nl) . 

- p(a). 
r(X,Y) , p(Y) . 



Denoting by int an integer argument, by gni an argument that is ground 
but not integer, and by ng an argument that is not ground, we get from 
bottom-up instantiation analysis that the only pattern possible for r(X, Y) 
atoms that are logical consequences of the program are 



r(int, int), r(gni, gni), r(ng, ng) 

Now we get from top down analysis that a query q(i) gives rise to the query 
p(i) and hence terminates. 

The efficiency of discovering numerical arguments may be improved by a 
preliminary step of guessing the numerical argument positions. The guessing 
is based on the knowledge that variables appearing in comparisons or is/2- 
atoms should be numerical. Instead of considering the whole program it is 
sufficient in this case to consider only clauses of predicates having clauses 
with the guessed arguments and clauses of predicates on which they depend. 
The guessing as a preliminary step becomes crucial when considering "real- 
world" programs that are large, while their numerical part is usually small. 
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6.3 Integer Abstraction Domain 

In this subsection we present a technique that allows us to overcome the 
difficulties caused by the fact that the integers with the usual order are not 
well-founded. Given a program P we introduce a finite abstraction domain, 
representing integers. The integer abstractions are derived from the subgoals 
involving integer arithmetic positions. 

Let S be a set of clauses in P, consisting of an integer loop and all the 
clauses for predicates on which the predicates of the integer loop depend. As 
a first step for definining the abstract domain for each recursive predicate p 
in S we obtain the set of comparisons C p . If p is clear from the context we 
omit the index. 

More formally, we consider as a comparison, an atom of the form tipt2, 
such that t\ and t^ are either variables or constants and p € {<, <, >, >}. 
Our aim in restricting ourselves to these atoms is to ensure the finiteness of 
C. Other decisions can be made as long as finiteness is ensured. Note that 
by excluding ^ and = we do not limit the generality of the analysis. Indeed 
if t\ ^ ti appears in a clause it may be replaced by two clauses containing 
t\ > ti and t\ < t2 instead of t\ 7^2, respectively. Similarly, if the clause 
contains a subgoal t\ = t2, the subgoal may be replaced by two subgoals 
t\ > <2j t\ < t2- Thus, the equalities we use in the examples to follow should 
be seen as a brief notation as above. 

In the following subsections we present a number of techniques to infer 
C from the clauses of S. 

We define V p as the set of pairs (p, c) , for all satisfiable c £ 2 C " . Here we 
interpret c G 2 Cp as a conjunction of the comparisons in c and the negations 
of the comparisons in C p \ c. The abstraction domain T> is taken as the union 
of the sets T> p for the recursive predicates p in S. Simplifying the domain 
may improve the running time of the analysis, however it may make it less 
precise. 

6.3.1 The simple case — collecting comparisons The simplest way to obtain 
C from the clauses of S is to consider the comparisons appearing in the 
bodies of recursive clauses and restricting integer positions in their heads 
(we limit ourselves to the recursive clauses, since these are the clauses that 
can give rise to circular pairs). 

We would like to view C as a set of comparisons of head argument posi- 
tions. Therefore we assume in the simple case that S is partially normalized, 
that is, all head integer argument positions in clauses of S are occupied by 
distinct variables. This assumption holds for all the examples considered so 
far. This assumption will not be necessary with the more powerful technique 
presented in the next subsection. 

Example 6.4 Consider 



t(X) :- X > 5,X < 8,X < 2, XI is X+ 1,X1< 5,t(Xl). 
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Let t(i) be a query pattern for the program above. In this case, the first 
argument of t is an integer argument. Since XI does not appear in the head 
of the first clause Xl<5 is not considered and, thus, C = {X > 5, X < 8, X < 
2}. We have in this example only one predicate and the union is over the 
singleton set. So, V = {X < 2, 2 < X < 5, 5 < X < 8, X > 8}. 

The following example evaluates the mod function. 
Example 6.5 

mod(A, B, C) :- A > B, B > 0, D is A - B, mod(D, B, C). 
mod(A, B, C) :- A < B, A > 0, A = C. 

Here we ignore the second clause since it is not recursive. Thus, by collect- 
ing comparisons from the first clause, C moc j = {argl > ar<?2, argl > 0} and 
thus, by taking all the conjunctions of comparisons of C and their nega- 
tions, we obtain £> moc i = {(mod, argl > arg2 & arg'2 > 0), (mod, argl > 
arg2 & arg2 < 0) , (mod, argl < arg2 & arg2 > 0) , (mod, argl < arg2 & arg2 < 
0)}. 

However, sometimes the abstract domain obtained in this way is insuffi- 
cient for proving termination, and thus, should be refined. The domain may 
be refined by enriching the underlying set of comparisons. Possible ways 
to do this are using inference of comparisons instead of collecting them, or 
performing an unfolding, and applying the collecting or inference techniques 
to the unfolded program. 

6.3.2 Inference of Comparisons As mentioned above, sometimes the ab- 
straction domain obtained from comparisons appearing in S is insufficient. 
Instead of collecting comparisons, appearing in bodies of clauses, we col- 
lect certain comparisons that are implied by bodies of clauses. For example, 
X is Y+Z implies the constraint X=Y+Z and functor (Term, Name , Arity) 
implies Arity> 0. 

As before, we restrict ourselves to recursive clauses and comparisons 
that constrain integer argument positions of heads. Since a comparison that 
is contained in the body is implied by it, we always get a superset of the 
comparisons obtained by the collecting technique, presented previously. The 
set of comparisons inferred depends on the power of the inference engine 
used (e.g. CLP-techniques may be used for this purpose). 

We define the abstract domain T> as above. Thus, the granularity of the 
abstract domain also depends on the power of the inference engine. 

6.3.3 Unfolding Unfolding (cf. |^,^,|[|2|]) allows us to generate a sequence 
of abstract domains, such that each refines the previous. 

More formally, let P be a program and let H :— B\, . , . , B n be a recur- 
sive rule in P. Let Pi be the result of unfolding an atom Bi'mH :— B\ , . . . , B, 
in P. Let Si be a set of clauses in Pi, consisting of an integer loop and the 
clauses of the predicates on which the integer loop predicates depend. 
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Obtain V for the clauses of S\ either by collecting comparisons from 
rule bodies or by inferring them, and use it as a new abstraction domain for 
the original program. If the algorithm still fails to prove termination, the 
process of unfolding can be repeated. 

Example 6.6 Unfolding mc_carthy_91(Zl,Z2) in the recursive clause we ob- 
tain a new program for the query mc_carthy_91 (i , /) 

mc_carthy_91(X,Y) :- X > 100, Y is X - 10. 
mc_carthy_91(X,Y) :- X < 100, Zl is X+ 11, Zl > 100, 

Z2 is Zl — 10, mc_carthy_91(Z2, Y). 
mc_carthy_91(X, Y) :- X < 100, Zl is X + 11, Zl < 100, Z3 is Zl + 11, 

mc_carthy_91(Z3, Z4), mc_carthy_91(Z4, Z2), 

mc_carthy_91(Z2, Y). 

Now if we use an inference engine that is able to discover that X is Y+Z 
implies the constraint X=Y+Z, we obtain the following constraints on the 
bound head integer variable X (for convenience we omit redundant ones): 
From the second clause we obtain: X < 100, and since X + 11 > 100 
we get X > 89. Similarly, from the third clause: X < 89. Thus, C = {X < 
89, X > 89AA" < 100} Substituting this in the definition of T>, and removing 
inconsistencies and redundancies, we obtain V = {X < 89, X > 89 A X < 
100, X > 100}. 

6.3.4 Propagating domains The comparisons we obtain by the techniques 
presented above may restrict only some subset of integer argument posi- 
tions. However, for the termination proof, information on integer arguments 
outside of this subset may be needed. For example, as we will see shortly, in 
order to analyze correctly mc_carthy_91 we need to determine the domain 
for the second argument, while the comparisons we have constrain only the 
first one. Thus, we need some technique of propagating abstraction domains 
that we obtained for one subset of integer argument positions to another 
subset of integer argument positions. Clearly, this technique may be seen as 
a heuristic and it is inapplicable if there is no interaction between argument 
positions. 

To capture this interaction we draw a graph for each recursive numerical 
predicate, that has the numerical argument positions as vertices and edges 
between vertices that can influence each other. In the case of mc_carthy_91 
we get the graph having an edge between the first argument position and 
the second one. 

Let 7r be a permutation of the vertices of a connected component of 
this graph. Define irV to be the result of replacing each occurrence of argi 
in T> by arg w ^. Consider the Cartesian product of all abstract domains 
irV thus obtained, discarding unsatisfiable conjunctions. We will call this 
Cartesian product the extended domain and denote it by £V. In the case of 
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mc_carthy_91 wc get as £T> the set of elements mc_carthy_91 (A,B) , such 
that A and B are in {small, med, big}. 

More generally, when there are arithmetic relations (e.g. Y is X+l) be- 
tween argument positions, £ T> can contain new subdomains that can be 
inferred from those in T>. 



6.4 Abstract interpretation 

In this section we use the integer abstractions obtained earlier to classify, in a 
finite fashion, all possible answers to queries. This analysis can be skipped in 
simple cases (just as in TermiLog constraint inference can be skipped when 
not needed), but is necessary in more complicated cases, like mc_carthy_91. 
Most examples encountered in practice do not need this analysis. 

The basic idea is as follows: define an abstraction domain and perform 
a bottom-up constraints inference. 

The abstraction domain that should be defined is a refinement of the ab- 



straction domain we defined in Subsection 6.3. There we considered only re- 
cursive clauses, since non-recursive clauses do not affect the query-mapping 
pairs. On the other hand, when trying to infer constraints that hold for 
answers of the program we should consider non-recursive clauses as well. In 
this way using one of the techniques presented in the previous subsection 
both for the recursive and the non-recursive clauses an abstraction domain 
T> is obtained. Clearly, T> is a refinement of T>. 

Example 6.7 For mc_carthy_91 we obtain that the elements of T> are the 



intersections of the elements in ET> (see the end of Subsection 6.3.4 )with 
the constraint in the non-recursive clause and its negation. 



Example 6.8 Continuing the mod-example we considered in Example 6.5 
and considering the non-recursive clause for mod as well, we obtain by col- 
lecting comparisons C = {argl > arg2,arg2 > 0,argl < arg2, arg3 < 
arg2, argl > 0, argl < arg3, argl > arg3} and, thus, T> consists of all pairs 
(mod, c) for c a satisfiable element of 2 C . 

Given a program P, let B be the corresponding extended Herbrand base, 
where we assume that arguments in numerical positions are integers. Let 
Tp be the immediate consequence operator. Consider the Galois connection 
provided by the abstraction function a : B — > V and the concretization 
function 7 : T> — > B defined as follows: The abstraction a of an element in B 
is the pair from T> that characterizes it. The concretization 7 of an element 
in T> is the set of all atoms in B that satisfy it. Note that a and 7 form a 
Galois connection due to the disjointness of the elements of V. 

Using the Fixpoint Abstraction Theorem (cf. [pi) we get that 
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We will take a map w : T> — > T>, that is a widening [ (Tcfl of a o Tp o 7 and 
compute its fixpoint. Because of the finiteness of T> this fixpoint may be 
computed bottom-up. 

The abstraction domain T> describes all possible atoms in the extended 
Herbrand base B. However, it is sufficient for our analysis to describe only 
computed answers of the program, i.e., a subset of B. Thus, in practice, 
the computation of the fixpoint can sometimes be simplified as follows: We 
start with the constraints of the non-recursive clauses. Then we repeatedly 
apply the recursive clauses to the set of the constraints obtained thus far, 
but abstract the conclusions to elements of V. In this way we obtain a CLP 
program that is an abstraction of the original one. This holds in the next 
example. The abstraction corresponding to the predicate p is denoted p w . 

Example 6.9 Consider once more mc_carthy_91. As claimed above we start 
from the non-recursive clause, and obtain that 

mc_carthy_91 H (A, B) :- {A > 100, B = A - 10}. 

By substituting in the recursive clause of mc_carthy_91 we obtain the fol- 
lowing 

mc_carthy_91(X, Y) :- X < 100, Zl is X+11,Z1 > 100, 

Z2 is Zl - 10, Z2 > 100, Y is Z2 - 10. 

By simple computation we discover that in this case X is 100, and Y is 91. 
However, in order to guarantee the termination of the inference process we 
do not infer the precise constraint {X = 100, Y = 91}, but its abstraction, 
i.e., an atom mc_carthy_91 w (med, med). Repeatedly applying the procedure 
described, we obtain an additional answer mc_carthy_91 w (small, med). 

More formally, the following SICStus Prolog CLP(R) program performs 
the bottom-up construction of the abstracted program, as described above. 
We use the auxiliary predicate in/2 to denote a membership in T> and the 
auxiliary predicate e_in/2 to denote a membership in the extended domain 
SV. 

:— use_module(library(clpr)). 
:— use_module(library(terms)). 
:— dynamic(mc_carthy_91 w /2). 



in(X,big) :- {X > 100}. 
in(X,med) :- {X > 89, X < 100}. 
in(X, small) :- {X < 89}. 



e_in((X, Y), (XX, YY)) :- in(X, XX), in(Y, YY). 
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mc_carthy_91 w (X, Y) :- {X > 100, Y = X - 10}. 

assert_if_new((H :- B)) :- \+ (clause(Hl, Bl), 

unif y_with_occurs_check((H, B), (HI, Bl))), 
assert((H :- B)). 

deduce :- {X < 100, Z = X + 11}, mc_carthy_91 w (Z, Zl), 
mc_carthy_91 B (Zl, Y), e.in((X, Y), (XX, YY)), 
assert_if_new((mc_carthy_91 w (A,B) :- e_in((A, B), (XX, YY)))), 
deduce. 

deduce. 



The resulting abstracted program is 



mc_carthy_91 w (A,B) 
mc_carthy_91 w (A, B) 
mc_carthy_91 w (A, B) 



— {A > 100, B = A - 10}. 

— e_in((A, B), (med, med)). 

— e_in((A, B), (small, med)). 



Since we assumed that the query was of the form mc_carthy_91 (i , /) we can 
view these abstractions as implications of constraints like argl < 89 implies 
89 < arg2 < 100. We also point out that the resulting abstracted program 
coincides with the results obtained by the theoretic reasoning above. 

As an additional example consider the computation of the gcd according 
to Euclid's algorithm. Proving termination is not trivial, even if the succes- 
sor notation is used. In j23) only applying a special technique allowed to do 
this. 

Example 6.10 Consider the following program and the query gcd(i ,i , f) . 
gcd(X, 0,X) :- X > 0. 

gcd(X,Y,Z) :- Y > 0, mod(X, Y, U), gcd(Y, U, Z). 

mod(A, B, C) :- A > B, B > 0, D is A - B, mod(D, B, C). 
mod(A, B, C) :- A < B, A > 0, A = C. 

In this example we have two nested integer loops represented by the predi- 
cates mod and gcd. We would like to use the information obtained from the 
abstract interpretation of mod to find the relation between the gcd-atoms 
in the recursive clause. Thus, during the bottom-up inference process we 
abstract the conclusions to elements of T> mod , as it was evaluated in Exam- 



ple 6.8. Using this technique we get that if mod(X, Y, Z) holds then always 



Z < Y holds, and this is what is needed to prove the termination of gcd. 
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6.5 Query-mapping pairs 

In this subsection we extend the query-mapping pairs technique to pro- 
grams having numerical arguments. We assume that a norm is defined for 
all arguments. 

We start with the construction of the original query-mapping pairs, but 
for atoms (in the query, domain or range) that are part of integer loops we 
also add the appropriate numerical constraints from the integer abstraction 
domain (remember that there is only a finite number of elements in the 
integer abstraction domain). 

We also add numerical arcs and edges between numerical argument posi- 
tions. These arcs and edges are added if numerical inequalities and equalities 
between the arguments can be deduced. Deduction of numerical edges and 
arcs is usually done by considering the clauses. However, if a subquery q uni- 
fies with a head of a clause of the form A :— B\, . , . , B}., , . . , B n and we want 
to know the relation between q and Bk (under appropriate substitutions), 
we may use the results of the abstract interpretation to conclude numeri- 
cal constraints for B\, ... , B^-i- The reason is that if we arrive at Bk, this 
means that we have proved B%, . . . , B^-\ (under appropriate substitutions). 
All query-mapping pairs deduced in this way are then repeatedly composed. 
The process terminates because there is a finite number of query-mapping 
pairs. 

A query-mapping pair is called circular if the query coincides with the 
range. The initial query terminates if for every circular query-mapping pair 
one of the following conditions holds: 

— The circular pair meets the requirements of the termination test of The- 



orem 5.2 



— There is a non-negative termination function for which we can prove a 
decrease from the domain to the range using the numerical edges and 
arcs and the constraints of the domain and range. 

Two questions remain: how does one automate the guessing of the func- 
tion, and how does one prove that it decreases. Our heuristic for guessing a 
termination function is based on the inequalities appearing in the abstract 
constraints. Each inequality of the form Expl p Exp2 where p is one of 
{>, >} suggests a function Expl — Exp2. 

The common approach to termination analysis is to find one termination 
function that decreases over all possible execution paths. This leads to com- 
plicated termination functions. Our approach allows one to guess a number 
of relatively simple termination functions, each suited to its query-mapping 
pair. When termination functions are simple to find, the guessing process 
can be performed automatically. 

After the termination function is guessed, its decrease must be proved. 
Let Vi, . . . , V n denote numerical argument positions in the domain and 
U\ , . . . , U n the corresponding numerical argument positions in the range of 
the query-mapping pair. First, edges of the query-mapping pair are trans- 
lated to equalities and arcs, to inequalities between these variables. Second, 
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the atom constraints for the V's and for the U's are added. Third, let tp 
be a termination function. We would like to check that <p(Vt, ■ ■ ■ , V n ) > 
tp(Ui, . . . , U n ) is implied by the constraints. Thus, we add the negation of 
this claim to the collection of the constraints and check for unsatisfiability. 
Since termination functions are linear, CLP-techniques, such as CLP(R) 
and CLP(Q,R) jlq ], are robust enough to obtain the desired contradiction. 
Note however, that if more powerful constraints solvers are used, non-linear 
termination functions may be considered. 
To be more concrete: 

Example 6.11 Consider the following program with query p(i,i)- 
P(0,-). 

p(X, Y) :- X > 0,X < Y,X1 is X + 1, p(Xl, Y). 

p(X,Y) :-X>0,X>Y,Xl is X-5,Y1 is Y — l,p(Xl, Yl). 

We get, among others, the circular query-mapping pair having the query 



,i) ,{argl > 0, argl < arg2}) and the mapping given in Figure 6.2. 
The termination function derived for the circular query-mapping pair is 
arg2—argl. In this case, we get from the arc and the edge the constraints: 
Vi < Ui,V 2 = U 2 . We also have that Vi > 0, U x > 0,Vi < V 2 ,Ui < U 2 . 
We would like to prove that V 2 — V\ > U 2 — Ui is implied. Thus, we add 
V 2 — Vi < U 2 — Ui to the set of constraints and CLP-tools easily prove 
unsatisfiability, and thus, that the required implication holds. 





{argl>0, argl<arg2} 


® ® 


{ arg 1 >0, arg 1 <arg2 ) 



Fig. 6.2 Mapping for p 



In the case of the 91-function the mappings are given in Figure |6.3[ (We 
omit the queries from the query-mapping pairs, since they are identical to 
the corresponding domains.) 





{argl 


in med } 




{argl in small } 




{argl in small } 




{argl 


in med } 




{argl in med } 




{argl in small } 



Fig. 6.3 Mappings for McCarthy's 91 function 



In the examples above there were no interargument relations of the type 
considered in pi]] . However, this need not be the case in general. 
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Example 6.12 Consider the following program with the query q(b,b,i) and 
the term-size norm. 

(1) q(s(X),X,_). 

(2) q(s(X),X,N) :-N>0,Nl is N - 1, q(s(X), X, Nl). 

(3) q(s(s(X)),Z,N) :-N=<0,Nl is N - 1, q(s(X), Y, Nl), q(Y, Z, Nl). 

Note that constraint inference is an essential step for proving termination — 
in order to infer that there is a norm decrease in the first argument between 
the head of (3) and the second recursive call (i.e. || s(s(X)) \\>\\ Y ||), 
one should infer that the second argument in q is less than the first with 
respect to the norm (i.e. || s(X) \\>\\ Y ||). We get among others circular 
query-mapping pairs having the mappings presented in Figure 6.4. The 
queries of the mappings coincide with the corresponding domains. In the 
first mapping termination follows from the decrease in the third argument 
and the termination function arg3> 0. In the second mapping termination 
follows from the norm decrease in the first argument. 



I arg2 II < II argl II, arg3>0} 
I arg2 II < II argl II, arg3>0} 



I ! 



(arg3=<0) 
{arg3=<0} 



Fig. 6.4 Mappings for q 



6.6 The Extended Algorithm 

In this section we combine all the techniques suggested so far. The com- 



plete algorithm Analyze_Termination is presented in Figure 3.5. Each step 
corresponds to one of the previous sections. 

Note that Step 3, computing the abstractions of answers to queries, is 
optional. If the algorithm returns NO it may be re-run either with Step 3 
included or with a different integer abstraction domain. 

The Analyze_Termination algorithm is sound: 

Theorem 6.1 Let P be a program and q a query pattern. 

— Analyze_Termination(P, q) terminates. 

— If Analyze_Termination(P, q) reports YES then, for every query Q match- 
ing the pattern q, the LD-tree of Q w.r.t. P is finite. 

Work is being done now to implement the ideas in this section, and thus 
to be able to deal with programs for which termination depends on the 
behavior of arithmetic predicates. 
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Algorithm Analyze_Termination 

Input A query pattern q and a Prolog program P 

Output YES, if termination is guaranteed 

NO, if no termination proof was found 

(1) Guess and verify numerical argument positions; 

(2) Compute the integer abstraction domain; 

(3) Compute abstractions of answers to queries (optional); 

(4) Compute ordinary and numerical query-mapping pairs; 

(5) For each circular query-mapping pair do: 

(6) If its circular variant has a forward positive cycle then 

(7) Continue; 

(8) If the query-mapping pair is numerical then 

(9) Guess bounded termination function; 

(10) Traverse the query-mapping pair and compute values 

of the termination function; 

(11) If the termination function decreases monotonically then 

(12) Continue; 

(13) Return NO; 

(14) Return YES. 



Fig. 6.5 Termination Analysis Algorithm 
7 Conclusion and Generalizations 

We have seen the usefulness of the query mapping-pairs approach for proving 
termination of queries to logic programs by using symbolic linear norm 
relations between arguments and also by comparing numerical arguments. 

In the query-mapping pairs method as outlined above there are two 
crucial elements: 

1. There is a finite number of abstractions of atoms in subgoals of the 
LD-tree. This ensures that A is finite. 

2. Arcs represent an order. 

This suggests two directions for generalization — using different abstractions 
and using different orders. 

7.1 Using Different Abstractions of Terms and a Linear Norm 

We can use the original query-mapping pairs as before with the only dif- 
ference that we'll abstract nodes not to just black and white ones but to a 
larger, though finite, set. For instance if we have a program 



p(l) :— {infinite loop}. 
p(0). 
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and take the term-size norm and a query p(bound), the query-mapping al- 
gorithm will say that there may be non-termination. However, we can use 
the abstractions l,g,f, where g means any ground term that is not 1 and 
/ means any term, and apply the above algorithm, with the only difference 
being in the unification of the abstractions. In the algorithm in Subsec- 
tion |5.1| we used unification of abstractions in two places — when adjusting 
the weighted rule graph to the instantiation pattern of the query and when 
composing query-mapping pairs. In those cases the result of the unification 
of two nodes of which at least one was black resulted in a black node, and 
the unification of two white nodes resulted in a white node. In the present 
case g and 1 will not unify so we will be able to prove that a query p(g) 
terminates. 

Observation 7.1 The original query-mapping pairs algorithm remains valid 
if we abstract arguments of atoms in the LD-tree to elements of any finite 
set of abstractions, as long as we include a sound procedure for unification 
of these abstractions. 

7.2 Using Norms that Involve Ordinal Numbers 

There are programs for which the use of linear norms is not sufficient. The 
following program performs repeated differentiation. 

d(deriv(t), 1). 

d(deriv(A), 0) :— number(A). 

d(deriv(X + Y),L + M) :- d(deriv(X), L), d(deriv(Y), M). 
d(deriv(X * Y), (X * L + Y * M)) :- d(deriv(X), M), d(deriv(Y), L). 
d(deriv(deriv(X)),L) :- d(deriv(X), M), d(deriv(M), L). 

In this case one can show that for no choice of constants in the definition 
of the linear norm will it be possible to prove termination of d(ground, free). 
However, we can use the query-mapping pairs method with the abstraction 
of arguments to ground and non-ground, but use a norm that associates with 
each term an ordinal number in the following way (w denotes, of course, the 
first infinite ordinal): 

||ctera;(X)|| = u + \\X\\ 
\\x + y\\ = \\x\\ © ||Y|| +2 

||X*Y|| = \\X\\ © ||Y|| + 2 
where (niu> + fci) © {n2UJ + k2) for non-negative integers n\,ni,k\,ki is 
defined as max(rii,ri2)w + (fci + fe) and + is a usual addition of ordinal 
numbers. 

Observation 7.2 The original query-mapping algorithm remains valid if 
we replace, in the computation of norms, integers by ordinal numbers with 
the operations defined above. 

Acknowledgement: We are very grateful to the anonymous referees for 
their careful reading and helpful suggestions. 
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